Tianocore Security Vulnerabilities (CVEs)
Track 9 security vulnerabilities affecting Tianocore products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This CVE allows attackers to bypass Secure Boot restrictions by accessing the UEFI Shell in Ubuntu systems with vulnerable edk2 firmware. This could e...
Nov 26, 2025

CVE-2023-45232 is an infinite loop vulnerability in EDK2's Network Package when parsing unknown IPv6 Destination Options headers. This allows attacker...
Jan 16, 2024

A buffer overflow vulnerability in EDK2's Network Package allows attackers to execute arbitrary code by sending malicious DHCPv6 Advertise messages. T...
Jan 16, 2024

EDK2's Network Package has a buffer overflow vulnerability in the DHCPv6 client when processing long server ID options. Attackers on the same network ...
Jan 16, 2024

CVE-2022-36764 is a heap buffer overflow vulnerability in EDK2's Tcg2MeasurePeImage() function that allows local network attackers to potentially exec...
Jan 9, 2024

CVE-2021-38578 is a buffer underflow vulnerability in Tianocore EDK II's System Management Mode (SMM) entry point that allows attackers to corrupt SMR...
Mar 3, 2022

A BIOS firmware vulnerability in certain PC models leaves the Platform authorization value empty, allowing attackers to permanently brick the TPM chip...
Jan 3, 2022

CVE-2021-28213 involves a security risk in EDK2's IpSecDxe.efi where an example encrypted private key is present, potentially allowing attackers to de...
Jun 11, 2021

CVE-2019-14584 is a null pointer dereference vulnerability in Tianocore EDK2 firmware that allows an authenticated local user to potentially escalate ...
Jun 3, 2021

Why Monitor Tianocore Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 9+ known vulnerabilities affecting Tianocore products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Tianocore packages in under 60 seconds. No agents required - completely agentless scanning that works across Tianocore deployments.
Free vulnerability database: Access detailed information about every Tianocore CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.